When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in their audit, they would need to comply with the additional criteria for availability. Availability criteria 1.2 says, “The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.” What does this mean for organizations and how do they comply with this criterion? Let’s find out why organizations should be designing and implementing environmental protections.